Difference between revisions of "November 19, 2018 GDPR whitepaper on FHIR call"
Latest revision as of 16:57, 26 November 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name
---|---|---|---|---|---|---|---
X | John Moehrke Security Co-chair | X | Kathleen Connor Security Co-chair | X | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair
. | Christopher Shawn Security Co-chair | X | David Pyke CBCP Co-Chair | X | Giorgio Cangioli | . | Joe Lamy
X | Peter van Liesdonk | | | | | |
Agenda
- (5 min) Roll Call, Agenda Approval
- (10 min) Presentation Proposal "Purpose of Processing" (Peter) (link: https://docs.google.com/document/d/1rIHhL5FTIFVD9EGgW70SkElfsMH9ofHoDuYnVHMOZF4/edit?usp=sharing)
- (20 min) Harmonization discussion - PoU vs. Purpose of Processing
- (10 min) IPS use case - current state (Giorgio) (link: https://docs.google.com/document/d/1j8tWH52kEg_D_V2G8CXbKajfmidIk8P24HUbH0pHKjQ/edit?usp=sharing)
- (5 min) Reminder - open issues from WGM, still to be addressed:
  - Are update events to be reported in a transparency report?
  - Depth of Provenance
  - Operations: Graham proposes to define an erasure operation that takes a Patient or Person. It returns rejected, success, or partial success... (Question: is there a need for it to report what it deleted, or what it didn't? Nevertheless, it does need to report external recipients.)
  - Is there a need for an operation for transparency, i.e. a search on AuditEvents?
  - Do we need a CapabilityStatement-like resource that describes server data retention rules? Possibly useful for the client too, to state the client's need.
  - We might need to address Break-Glass as a healthcare safety mechanism.
Links:
Harmonization proposal:
https://gdpr-info.eu/art-6-gdpr/
https://gdpr-info.eu/art-9-gdpr/
Link to Confluence page: http://confluence.hl7.org/display/SEC/FHIR+-+GDPR